package lumis.service.portalmanagement.localgroup;

import lumis.doui.service.DouiServiceInterface;
import lumis.portal.AccessDeniedException;
import lumis.portal.PortalException;
import lumis.portal.authentication.SessionConfig;
import lumis.portal.channel.acl.ChannelPermissions;
import lumis.portal.group.acl.GroupPermissions;
import lumis.portal.manager.ManagerFactory;
import lumis.portal.principal.PrincipalConfig;
import lumis.portal.serviceinterface.IServiceInterfaceActionRequest;
import lumis.portal.serviceinterface.IServiceInterfaceActionResponse;
import lumis.portal.serviceinterface.IServiceInterfaceRenderRequest;
import lumis.portal.serviceinterface.IServiceInterfaceRenderResponse;
import lumis.portal.serviceinterface.IServiceInterfaceRequest;
import lumis.portal.serviceinterface.ServiceInterfaceException;
import lumis.portal.transaction.PortalTransactionFactory;
import lumis.util.ITransaction;

/**
 * {@link DouiServiceInterface} extension that validates user permissions.
 * 
 * @version $Revision: 13092 $ $Date: 2011-05-28 18:19:06 -0300 (Sat, 28 May 2011) $
 * @since 6.0.0
 */
public class AddMembershipInterface extends DouiServiceInterface
{
	@Override
	public void render(IServiceInterfaceRenderRequest request, IServiceInterfaceRenderResponse response) throws ServiceInterfaceException,
			PortalException
	{
		validate(request);
		super.render(request, response);
	}

	@Override
	public void processAction(IServiceInterfaceActionRequest request, IServiceInterfaceActionResponse response)
			throws ServiceInterfaceException, PortalException
	{
		validate(request);
		super.processAction(request, response);
	}

	/**
	 * Validates user permissions.
	 * 
	 * @param request
	 *            the request.
	 * @throws AccessDeniedException
	 *             if user doesn't have the necessary permissions.
	 * @throws PortalException
	 *             if an error occur.
	 * @since 6.0.0
	 */
	private void validate(IServiceInterfaceRequest request) throws PortalException
	{
		ITransaction transaction = PortalTransactionFactory.createTransaction();
		try
		{
			transaction.begin();
			SessionConfig sessionConfig = SessionConfig.getCurrentSessionConfig();
			String memberId = request.getParameter("memberId");
			if (ManagerFactory.getPrincipalManager().get(sessionConfig, memberId, transaction).getType() == PrincipalConfig.TYPE_GROUP)
			{
				if (!ManagerFactory.getGroupAclManager().checkPermission(sessionConfig, memberId, GroupPermissions.MANAGE_GROUP,
						transaction))
					throw new AccessDeniedException();
			}
			else
			{
				String channelId = ManagerFactory.getUserManager().get(sessionConfig, memberId, transaction).getChannelId();
				if (!ManagerFactory.getChannelAclManager().checkPermission(sessionConfig, channelId,
						ChannelPermissions.MANAGE_CHANNEL_SECURITY, transaction))
					throw new AccessDeniedException();
			}

			transaction.commit();
		}
		finally
		{
			transaction.dispose();
		}
	}
}
